In the Linux kernel, the following vulnerability has been resolved:

afs: Fix merge preference rule failure condition

syzbot reported a lock held when returning to userspace[1]. This is because if argc is less than 0 and the function returns directly, the held inode lock is not released.

Fix this by storing the error in ret and jumping to done to clean up instead of returning directly.

[dh: Modified Lizhi Xu's original patch to make it honour the error code from afs_split_string()]

[1]
WARNING: lock held when returning to user space!
6.13.0-rc3-syzkaller-00209-g499551201b5f #0 Not tainted
------------------------------------------------
syz-executor133/5823 is leaving the kernel with locks still held!
1 lock held by syz-executor133/5823:
 #0: ffff888071cffc00 (&sb->s_type->i_mutex_key#9){++++}-{4:4}, at: inode_lock include/linux/fs.h:818 [inline]
 #0: ffff888071cffc00 (&sb->s_type->i_mutex_key#9){++++}-{4:4}, at: afs_proc_addr_prefs_write+0x2bb/0x14e0 fs/afs/addr_prefs.c:388
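The error-path pattern described above, as an added user-space model that is not the kernel's code or the actual patch: an early return on a negative argc leaves the lock held, while storing the error in ret and jumping to done releases it. The `model_*` and `write_*` names, the counter standing in for the inode lock, and the sample input are assumptions made for illustration.

```c
/* User-space model, constructed for illustration; not fs/afs/addr_prefs.c. */
#include <errno.h>
#include <stdio.h>

struct model_inode { int lock_depth; };   /* stands in for the inode lock */

static void model_lock(struct model_inode *i)   { i->lock_depth++; }
static void model_unlock(struct model_inode *i) { i->lock_depth--; }

/* Hypothetical splitter: returns the word count, or a negative errno. */
static int model_split(const char *buf)
{
    int argc = 0;
    if (!buf || !*buf)
        return -EINVAL;
    for (const char *p = buf; *p; p++)
        if (*p != ' ' && (p == buf || p[-1] == ' '))
            argc++;
    return argc;
}

/* Before: the failure branch returns directly, so the lock stays held. */
static int write_before(struct model_inode *i, const char *buf)
{
    int argc;
    model_lock(i);
    argc = model_split(buf);
    if (argc < 0)
        return argc;              /* lock leaked on this path */
    model_unlock(i);
    return argc;
}

/* After: keep the splitter's error code in ret and exit via the cleanup label. */
static int write_after(struct model_inode *i, const char *buf)
{
    int ret;
    model_lock(i);
    ret = model_split(buf);
    if (ret < 0)
        goto done;                /* error code preserved, cleanup still runs */
    /* the parsed arguments would be applied here */
done:
    model_unlock(i);
    return ret;
}

int main(void)
{
    struct model_inode a = {0}, b = {0};
    printf("before: ret=%d held=%d\n", write_before(&a, ""), a.lock_depth);
    printf("after:  ret=%d held=%d\n", write_after(&b, ""), b.lock_depth);
    return 0;
}
```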
No PoCs from references.
- https://github.com/fkie-cad/nvd-json-data-feeds